Bitcoin Forum
July 20, 2018, 01:48:00 AM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
   Home   Help Search Donate Login Register  
Pages: [1]
Author Topic: Bippy allow encryption/decryption of electrum seeds with BIP38-ish  (Read 1698 times)
Sr. Member
Offline Offline

Activity: 267
Merit: 250

View Profile WWW
June 09, 2014, 11:58:49 AM

This is a bit of a xpost from here

As a physical wallet manufacturer I've been asking a few times if "Can you make electrum wallet backups on wood?".
So far the answer was : "Yes, provided that you encrypt the seed on your side before sending it to me and that the final key actually fits into our physical wallets" .

Now, there is an app for that Wink

Together with the creator of inuit wallet, we are now exploring this possibility with Bippy . Bippy is a multi-currency userfriendly python implementation of the BIP38 encryption protocol.

Sam just tweaked the program to let users enter an Electrum seed and encrypt it with a passphrase. The resulting string starts with SeedE and is short enough to fit our woodwallets.  i.e :-> SeedER4sSM6VLmmDB6Ftu3wNSt483iXw17bJxu3nvQ6qTNsrx2bo7Nnw4zdD

We would love to hear what you think about it.

Step 1:

Install Kivy (required for the UI), clone and run from github :

git clone

Disconnect from the internet and make sure you are using a clean machine (better a Live DVD) and execute the tool

cd bippy

Then to encrypt your electrum seed :
  • Type your seed into the "private key" field. Observe how Bippy detects that a seed has been entered
  • Choose a passphrase
  • Press "Encrypt"

To decrypt your encrypted electrum seed :

  • Type the encrypted seed into the "private key" field.
  • Enter your encryption a passphrase
  • Press "Decrypt"

For technical details I quote his answer on the other post :

Hi Everyone.

I'm Sam, the developer of Bippy. I'm happy to answer any question about the code or implementations of encryption that anyone may have

I've added the ability to encrypt Electrum Mnemonic seeds using a customised encryption method based on BIP0038. Bippy will recognise an Electrum seed based on the fact that it is twelve separate words. You add a password and the encryption takes place. Bippy can also decrypt the encrypted string back to the 12 word seed but only with the correct passphrase.

The code is available on github here:
The Electrum specific code is in this file:

As Nico has said, we are adding functionality to bippy as requests come in so the UI is in need of a bit of work.
I'll be working on making it easier to use over the next few days as well as attempting to get some compiled binaries up and working too.

If you have any questions or suggestions feel free to get in contact or post here.

A quick overview of the method for those who are interested (sorry for anyone who isn't interested. I'm quite pleased with this and want to talk about it Wink):
  • Use the Electrum method to convert the mnemonic into the seed number
  • Take a hash of the last 4 digits to act as a checksum
  • Use that hash and the passphrase to generate an encryption key using scrypt
  • Use that key to AES 256 encrypt the original seed in two halves (as in BIP0038)
  • The encrypted string is a Base58_Check encoded concatenation of some magic bytes (to make the start of the string 'SeedE'), the checksum hash and the two encrypted halves
The decryption is the reverse of this but using the various checksums to ensure that the string is correct and the password works.  

Any thoughts?

Bitmessage : BM-NAx31aEiqeq5zKUtxhKscXQ7Dwn1jJfR
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Hero Member
Offline Offline

Posts: 1532051280

View Profile Personal Message (Offline)

Reply with quote  #2

Report to moderator
Hero Member
Offline Offline

Activity: 504
Merit: 500

Hempire Loading...

View Profile WWW
January 16, 2015, 06:25:16 PM

This is awesome, why has no one commented on this post?! 

All Physical wallets should be done like this.

Anyone skilled able to review the source code and verify that this is legit and secure?

Please add more BTC here (my son will apprecciate it when he's older): 14WsxbeRcgsSYZyNSRJqEAmB1MKAzHhsCT
Offline Offline

Activity: 1302
Merit: 1002

Core dev leaves me neg feedback #abuse #political

View Profile
January 18, 2015, 02:15:28 AM

This is awesome, why has no one commented on this post?!  

All Physical wallets should be done like this.

Anyone skilled able to review the source code and verify that this is legit and secure?

Well, a quick look at the source code shows me its doing a pretty straightforward AES encryption.
Looks pretty good... but I'm not a cryptographer.

I think the wood wallets are great..they look amazing... I just prefer other methods.

Offline Offline

Activity: 18
Merit: 0

View Profile
January 18, 2015, 07:53:42 PM

I'm Sam, the creator of Bippy.

First off, thanks for the interest and kind words. It's always very nice to hear compliments of work that I've done.
Bippy had a bit of an update since this original post. I added some functionality and prettified the UI a bit to make the flow easier. It also now has Windows installers available on the Bippy website here:

The encryption method followed by Bippy is the exact one laid out in the BIP0038 specification. That does make use of AES as jonald_fyookball mentioned as well as using scrypt for key derivation. Bippy uses a pre-compiled binary version of scyrpt as the pure python implementation meant waiting ~10 minutes for encryption rather than ~10 seconds. If that's a cause for concern you an always compile your own scrypt binary as there is nothing special about the one bundled with Bippy.
I tweaked the BIP0038 specification slightly to allow for some other inputs other than private keys, but the underlying method remains the same.

The Private keys generated by Bippy use three entropy sources. There are the Operating system urandom pool, the clock based entropy and user entered entropy (the bot where you draw the dots over the UI). All told, it's as secure as the browser based tools such as but doesn't rely on a browser with its associated cache. I know that browser tools recommend going offline to generate and to clear the cache after generating keys but, browsers contain thousands of lines of code. I myself haven;t been through that code to check what happens when I clear the cache to ensure that every last trace is cleared.
I'd recommend generating keys and addresses offline with Bippy too but the big difference is that there is no cache in Bippy. (I'm in no way trying to imply that browser based tools are unsafe, I'm just clinging to the one unique selling point I have Smiley)

Happy to answer any other questions that may come. I hope to update Bippy one day, perhaps to support BIP0032 and HD wallets but I must admit that this is no longer my primary concern.

Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!